CVE-2025-42875
MEDIUMSAP Internet Communication Framework - Auth Bypass
Title source: llmDescription
The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the application.
Scores
CVSS v3
6.6
EPSS
0.0007
EPSS Percentile
20.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Classification
CWE
CWE-306
Status
draft
Timeline
Published
Dec 09, 2025
Tracked Since
Feb 18, 2026